can-i-take-over-xyz icon indicating copy to clipboard operation
can-i-take-over-xyz copied to clipboard

Published 20 hours ago verified publisher icon EdOverflow

FreshDesk is still vulnerable

Open m7mdharoun opened this issue 6 years ago • 13 comments
trafficstars

Service name

FreshDesk

Proof

if the subdomain have an fingerprint and the cname is the same fingerprint Yes the subdomain can be takeover !

FingerPrint We couldn't find support.example.com May be this is still fresh!

You can claim it now at http://www.freshdesk.com/signup ``

Documentation

HarryMag could takeover a Subdomain http://support.hvst.com/support/login freshdisk

m7mdharoun avatar Dec 22 '18 23:12 m7mdharoun

Thank you for raising this issue, @m7mdharoun. @codingo, we really need to look into FreshDesk at some point.

EdOverflow avatar Dec 23 '18 14:12 EdOverflow

@EdOverflow @codingo I want to add : when you sign up at freshdesk you will get any subdomain ex : mysubdomain.freshdesk.com you can request to change your subdomain to any avialable subdomain by only Freshdesk support. ( freshdesk allow this )

m7mdharoun avatar Dec 23 '18 19:12 m7mdharoun

is this still vulnerable @m7mdharoun @EdOverflow

Walidhossain010 avatar Feb 25 '20 13:02 Walidhossain010

freshdesk is not vulnerable @EdOverflow

https://support.freshdesk.com/support/solutions/articles/37590-using-a-vanity-support-url-and-pointing-the-cname

Walidhossain010 avatar Apr 15 '20 06:04 Walidhossain010

No one thinks about close this "2-years club" issue

justforhack avatar Jul 05 '20 15:07 justforhack

I think I was able to takeover. So its still vulnerable

agrawalsmart7 avatar Feb 03 '21 07:02 agrawalsmart7

@justforhack, the way the project works is that "Issues" are not in fact used for their intended purpose. This has turned more into a forum of sorts for people to discuss specific services within issue tickets. Closing issue tickets makes them slightly less discoverable which is undesirable. In other words, there is no "fix" for these issues as you might typically see on GitHub—these are merely posts and discussions.

EdOverflow avatar Feb 03 '21 13:02 EdOverflow

Okay man!!

(I thought my comment was disappeared from this world, a long time ago...)

shelld3v avatar Feb 03 '21 13:02 shelld3v

https://www.youtube.com/watch?v=eph0PaccRP0

ibk96 avatar May 07 '21 20:05 ibk96

Hello Guys, Is there still freshdesk cname is vulnerable to subdomain takeover.

sekharlee avatar Jun 22 '21 10:06 sekharlee

They now seem to require validation through adding a DNS record. I don't think takeover is still possible. If there's some way around the verification, I'm all ears.

lappsec avatar May 31 '22 20:05 lappsec

FreshDesk Subdomain Takeover is Vulnerable or not any verification is required

varmakollu avatar Jun 24 '23 20:06 varmakollu